Browser-based ssh not working after Debian9 upgrade to Debian10

Instance OS : Debian9.5

Problems:

  • Cannot use Lightsail browser-based SSH, whereas remote SSH works fine.
  • When I click the "Connect using SSH" button on my instance web page, it
    shows the following message:

Log in failed. If this instance has just started up, try again in a minute or two.
CLIENT_UNAUTHORIZED 769

What I did before this problem:

  • used remote SSH to connect to the instance,
  • used the 'apt' tools to upgrade the system from Debian9.5 to Debian10

(upgrade according to https://www.debian.org/releases/buster/amd64/release-notes/ch-upgrading.en.html)

What should I do to recover browser-based SSH?
Thanks

Edited by: chenlola on Jul 24, 2019 12:28 PM

Asked 5 years ago, viewed 255 times
6 Answers

Did you snapshot the instance before the upgrade? If so, I would suggest you revert to your snapshot and try the upgrade again.

It sounds like the SSH service isn't active. That may be due to the upgrade or some problem during the upgrade.

David G
Answered 5 years ago

Browser-based SSH won't work if your instance's system clock drifted too much from correct time.
Please check if that's indeed the case.

Did Debian upgrade modify your /etc/ssh/sshd_config file? Because that may be another reason why browser-based SSH stopped working.

Does your /etc/ssh/sshd_config file still contain the following line?

TrustedUserCAKeys /etc/ssh/lightsail_instance_ca.pub

Does /etc/ssh/lightsail_instance_ca.pub still exist?

When your Lightsail instance was launched for the first time it ran the setup script that prepared it for browser-based SSH and more. You can see the contents of that script by using your favorite SSH client and doing this:

curl -s http://169.254.169.254/latest/user-data

If the setup related to /etc/ssh/lightsail_instance_ca.pub file was lost during upgrade, you may be able to recover browser-based SSH by repeating the steps in that script that pertain to /etc/ssh/lightsail_instance_ca.pub.

Thank you for using Lightsail.

Edited by: Pavel@AWS on Jul 30, 2019 12:36 PM

AWS
Moderator
Answered 5 years ago

Thanks to Pavel@AWS and David G for the replies.

Finally, adding this line to the /etc/ssh/sshd_config file completely fixed my instance problem.
(Do not forget to restart the ssh service.)

TrustedUserCAKeys /etc/ssh/lightsail_instance_ca.pub

Edited by: chenlola on Sep 7, 2019 9:42 AM

Answered 5 years ago

I am having this issue when I copy a snapshot from a US region to the Australia region and start a new instance with this snapshot.
/etc/ssh/sshd_config still has the same line "TrustedUserCAKeys /etc/ssh/lightsail_instance_ca.pub" as the snapshot in US region.
And the content of /etc/ssh/lightsail_instance_ca.pub is the same, but the web ssh client does not work. I guess the Australia region uses a different private to connect. What is the solution if it is? Thanks

PX
Answered 4 years ago

It's possible that this is due to the timezone difference. This thread may provide some insight: https://forums.aws.amazon.com/thread.jspa?messageID=812946

AWS
Alex
Answered 4 years ago

Besides adding the public key in /etc/ssh/sshd_config file as mentioned above, try also adding the second line "CASignatureAlgorithms +ssh-rsa". It worked for me.

TrustedUserCAKeys /etc/ssh/lightsail_instance_ca.pub
CASignatureAlgorithms +ssh-rsa

MrCT
Answered 3 years ago
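
The configuration checks suggested in the answers above, gathered into one script (an added example, not part of any post in this thread and not the Lightsail setup script): it verifies that sshd_config has an active TrustedUserCAKeys line, that the file it names exists, and whether CASignatureAlgorithms lists ssh-rsa. The function names are hypothetical and the config parsing is simplified as stated in the comments.

```shell
# Print the first global value of an sshd_config keyword. sshd keeps the
# first occurrence and keywords are case-insensitive. Simplifications:
# stops at the first Match block, ignores Include files and "key=value".
sshd_directive() {  # usage: sshd_directive <config-file> <keyword>
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# Check the settings named in the thread. Returns the number of blocking
# problems found (0 means the CA trust configuration looks intact).
check_browser_ssh() {  # usage: check_browser_ssh [sshd_config path]
    cfg="${1:-/etc/ssh/sshd_config}"
    problems=0
    ca=$(sshd_directive "$cfg" TrustedUserCAKeys)
    if [ -z "$ca" ]; then
        echo "MISSING: no active TrustedUserCAKeys line in $cfg"
        problems=$((problems + 1))
    elif [ ! -s "$ca" ]; then
        echo "MISSING: $ca is absent or empty"
        problems=$((problems + 1))
    else
        echo "OK: TrustedUserCAKeys $ca"
        # First field of the CA public key file is its key type.
        keytype=$(awk '!/^[ \t]*(#|$)/ { print $1; exit }' "$ca")
        algs=$(sshd_directive "$cfg" CASignatureAlgorithms)
        case "$keytype:$algs" in
            ssh-rsa:*ssh-rsa*)
                echo "OK: CASignatureAlgorithms $algs" ;;
            ssh-rsa:*)
                # OpenSSH 8.2+ no longer accepts ssh-rsa (RSA/SHA-1)
                # certificate signatures unless this option re-adds it.
                echo "NOTE: RSA CA key, ssh-rsa not in CASignatureAlgorithms" ;;
        esac
    fi
    return "$problems"
}
```

On the instance, call `check_browser_ssh` with no argument to audit /etc/ssh/sshd_config, and restart the ssh service after any change. Where Match blocks or Include files are in use, `sshd -T` prints the effective configuration instead.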